Security

Update from Microsoft on VeriSign certificates

The biggest news Exterminator found this week regards an update that recognizes the fraudulent Microsoft digital certificates from VeriSign. In addition, Novell has released a ZEN support pack, and Trend Micro offers the latest virus news.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-017)
Regarding: All Microsoft products
Date Posted: March 22, 2001; updated March 28
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Last week, VeriSign announced that it had issued digital certificates to an individual posing as a Microsoft employee. The certificates can be used on code, ActiveX controls, or other executable content, which will appear to originate from Microsoft. Microsoft has released an update that will prevent code with these signatures from being trusted by Internet Explorer.

Microsoft Security Bulletin (MS01-018)
Regarding: Visual Studio 6.0 Enterprise Edition
Date Posted: March 27, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses a problem with the Visual Basic T-SQL debugger object in Visual Studio 6.0, which has an unchecked buffer. An attacker could use this vulnerability to run code on the affected machine. Keep in mind that the object is designed to be accessed remotely and is installed by default with VS 6.0 Enterprise Edition.

Novell issues
Regarding: ZENworks for Desktops 3
Date Posted: March 27 and 28, 2001
Patch URL:Click here to download the patch. (Select appropriate language)
Information URL:
Multilingual version:Click here for more information.
Japanese version:Click here for more information.
Asia-Pac version:Click here for more information.
Russian version:Click here for more information.

Novell has released Support Pack 1 for ZENworks for Desktops 3 in a number of non-English languages, including Russian and Japanese, as well as two multilingual versions.

Virus updates from Trend Micro
Virus/Worm: TROJ_VBSWG_2B
Posted: March 26, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_LEE.A
Posted: March 27, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: PE_LINDOSE.A
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: ELF_LINDOSE.A
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: CERT_VERISIGN
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information.

Virus/Worm: JS_WIRETAP.DEMO
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-017)
Regarding: All Microsoft products
Date Posted: March 22, 2001; updated March 28
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Last week, VeriSign announced that it had issued digital certificates to an individual posing as a Microsoft employee. The certificates can be used on code, ActiveX controls, or other executable content, which will appear to originate from Microsoft. Microsoft has released an update that will prevent code with these signatures from being trusted by Internet Explorer.

Microsoft Security Bulletin (MS01-018)
Regarding: Visual Studio 6.0 Enterprise Edition
Date Posted: March 27, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses a problem with the Visual Basic T-SQL debugger object in Visual Studio 6.0, which has an unchecked buffer. An attacker could use this vulnerability to run code on the affected machine. Keep in mind that the object is designed to be accessed remotely and is installed by default with VS 6.0 Enterprise Edition.

Novell issues
Regarding: ZENworks for Desktops 3
Date Posted: March 27 and 28, 2001
Patch URL:Click here to download the patch. (Select appropriate language)
Information URL:
Multilingual version:Click here for more information.
Japanese version:Click here for more information.
Asia-Pac version:Click here for more information.
Russian version:Click here for more information.

Novell has released Support Pack 1 for ZENworks for Desktops 3 in a number of non-English languages, including Russian and Japanese, as well as two multilingual versions.

Virus updates from Trend Micro
Virus/Worm: TROJ_VBSWG_2B
Posted: March 26, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_LEE.A
Posted: March 27, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: PE_LINDOSE.A
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: ELF_LINDOSE.A
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: CERT_VERISIGN
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information.

Virus/Worm: JS_WIRETAP.DEMO
Posted: March 28, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks

Free Newsletters, In your Inbox